Threat Intelligence Blog

Cyveillance Weekly Cyber Security Trends Report – March 17, 2015

Posted March 17, 2015

Welcome to the Cyveillance Weekly Cyber Security Trends Report

Since threat intelligence is constantly evolving, we publish this weekly cyber security trends report to keep our customers updated on the latest threats across a variety of industries. You can read an abridged version below. Follow us on Twitter and subscribe to our blog to make sure you don’t miss any of the latest security articles from Cyveillance experts.

Top Cyber Security Incidents

Financial Services

Both Apple and Microsoft released patches to fix the FREAK vulnerability that could help attackers intercept secured network communications. Discovered earlier this month, FREAK (Factoring attack on RSA-EXPORT Keys) provides a way for an attacker to intercept SSL-encrypted traffic encrypted by SSL (Secure Sockets Layer) as it moves between clients and servers. An attacker could use the flaw to secretly access and even alter communications between two parties.

On March 15 over a million Brazilians took to the streets to call for the impeachment of President Dilma over corruption in her party and across the government as the Petrobras corruption scandal continues. Unlike the nationwide protests that occurred in June of 2013 that cut across party lines and socio-economic strata to protest the sad state of public services and infrastructure, Sunday’s protest was a mass mobilization of the half of the electorate that is embarrassed and deeply frustrated at Dilma and the government. Unless Dilma gets directly implicated in the Petrobras scandal it is unlikely that there is any viable basis for her impeachment. Calls by some of the protesters for the military to take over the government will go unheeded by the most professional Army in Latin America content to serve their constitutional role in support of the nation’s civilian leaders.

Legal and Regulations

Last week, the National Institute of Standards and Technology (NIST) released a preliminary discussion draft of its Framework for Cyber-Physical Systems. The goal of this draft: to create an integrated framework of standards that will form the blueprint for the creation of a massive interoperable network of cyber-physical systems (CPS), also known as the “Internet of Things.” In 2014, NIST established the cyber-physical systems public working group (CPS PWG)—an open public forum which includes representatives from government, industry, and academia—to develop the CPS framework. By creating a common framework at an early stage of the Internet of Things, the CPS PWG hopes to ensure the development of a secure, integrated, and interoperable ecosystem of connected devices. The CPS PWG will continue to solicit input as it refines the draft and works to finalize the framework for use in multiple industry sectors.

-Hogan Lovells

Technology

“U.S. technology companies need to confront difficult choices amid new bank-security rules in China, as Beijing offers few signs that it will abandon measures that could limit the IT firms’ sales to the big market. Banks faced a Sunday deadline to submit plans to Chinese officials on how they will convert their internal technology into what Beijing considers secure and controllable systems.”

“A Dutch court Wednesday handed a victory to privacy advocates by striking down a data-retention law that gives the government easy access to telecommunication data. The District court of The Hague said the law, which requires telecom providers to collect and store data for as long as 12 months, violates citizens’ right to privacy and the right to protection of personal data. “The judge finds that this violation is not limited to what is strictly necessary,” it said.”

“The Wikimedia Foundation on Tuesday joined with other rights groups to file suit against the US National Security Agency’s spying program- in particular, its large-scale search and seizure of internet communications, commonly referred to as upstream surveillance.”

The Wall Street Journal reports the Justice Department’s newest electronic dragnet–plane-mounted “dirtboxes” that can slurp thousands of cellular phone ID’s from the air which was originally developed by the CIA to hunt terrorists in the Middle East is now being used domestically to track American citizens. These dirtboxes are electronic sniffers that mimic cellular tower signals to incite any cellular telephone within range to broadcast its identifying registration information to law enforcement.